CVE-2024-0462

Name of the Vulnerable Software and Affected Versions code-projects Online Faculty Clearance version 1.0

Description A critical issue has been found in the code-projects Online Faculty Clearance software. The problem affects an unknown functionality of the file /production/designee view status.php, which is part of the HTTP POST Request Handler component. The manipulation of the haydi argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used.

Recommendations For code-projects Online Faculty Clearance version 1.0, consider disabling the HTTP POST Request Handler component or restricting access to the /production/designee view status.php file until a patch is available. Avoid using the haydi argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.